CVE-2026-23272

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/03/2026
Last modified:
02/04/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: unconditionally bump set->nelems before insertion

In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be walking over it already.

To address this issue, add the element transaction even if set is full, but toggle the set_full flag to report -ENFILE so the abort path safely unwinds the set to its previous state.

As for element updates, decrement set->nelems to restore it.

A simpler fix is to call synchronize_rcu() in the error path. However, with a large batch adding elements to already maxed-out set, this could cause noticeable slowdown of such batches.